/********************************************
 * 功能说明: 
 * 模块名称: 
 * 系统名称: 
 * 软件版权: Frank
 * 系统版本: 1.0.0
 * 开发人员: Frank
 * 开发时间: 2019/12/4 11:04
 * 审核人员: 
 * 相关文档: 
 * 修改记录: 修改日期 修改人员 修改说明
 *********************************************/
package com.spring.arch.uaa.oauth2.handler;

import com.spring.arch.common.security.SecurityLog;
import com.spring.arch.common.utils.HttpUtils;
import com.spring.arch.common.security.SecurityLog;
import com.spring.arch.common.utils.HttpUtils;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @author Frank
 * @version 1.0.0.1
 * @since 2019/12/4 11:04
 */
public class SecurityAccessDeniedHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) throws IOException, ServletException {
        final String clientIp = HttpUtils.getClientIP(request);

        SecurityLog.urlAuthority.warn(
                "[{}] url [{} | {}] 没有访问权限 : {}",
                clientIp,
                request.getRequestURI(),
                request.getMethod(),
                e.getMessage());

        response.sendError(HttpServletResponse.SC_FORBIDDEN, String.format("[%s]|当前用户没有访问[%s | %s]的权限", clientIp, request.getRequestURI(), request.getMethod()));
    }
}
